Page 140 of 1928 results (0.007 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

A vulnerability exists during authorization prompting for FTP transaction where successive modal prompts are displayed and cannot be immediately dismissed. This allows for a denial of service (DOS) attack. This vulnerability affects Firefox < 66. Una vulnerabilidad existente durante la solicitud de una transacción FTP donde sucesivos mensajes modales son mostrados y no pueden ser inmediatamente rechazados. Esto permite un ataque de denegación de servicios (DoS). • https://bugzilla.mozilla.org/show_bug.cgi?id=1525267 https://www.mozilla.org/security/advisories/mfsa2019-07 • CWE-399: Resource Management Errors •

CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0

A vulnerability was discovered where specific command line arguments are not properly discarded during Firefox invocation as a shell handler for URLs. This could be used to retrieve and execute files whose location is supplied through these command line arguments if Firefox is configured as the default URI handler for a given URI scheme in third party applications and these applications insufficiently sanitize URL data. *Note: This issue only affects Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. • https://bugzilla.mozilla.org/show_bug.cgi?id=1530103 https://www.mozilla.org/security/advisories/mfsa2019-07 https://www.mozilla.org/security/advisories/mfsa2019-08 https://www.mozilla.org/security/advisories/mfsa2019-11 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

In Firefox Developer Tools it is possible that pasting the result of the 'Copy as cURL' command into a command shell on macOS will cause the execution of unintended additional bash script commands if the URL was maliciously crafted. This is the result of an issue with the native version of Bash on macOS. *Note: This issue only affects macOS. Other operating systems are unaffected.*. This vulnerability affects Firefox < 66. • https://bugzilla.mozilla.org/show_bug.cgi?id=1518026 https://www.mozilla.org/security/advisories/mfsa2019-07 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

The about:crashcontent and about:crashparent pages can be triggered by web content. These pages are used to crash the loaded page or the browser for test purposes. This issue allows for a non-persistent denial of service (DOS) attack by a malicious site which links to these pages. This vulnerability affects Firefox < 64. Las paginas about:crashcontent y about:crashparent pueden ser accionadas por contenido web. • https://bugzilla.mozilla.org/show_bug.cgi?id=1507702 https://www.mozilla.org/security/advisories/mfsa2018-29 •

CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0

Firefox will accept any registered Program ID as an external protocol handler and offer to launch this local application when given a matching URL on Windows operating systems. This should only happen if the program has specifically registered itself as a "URL Handler" in the Windows registry. *Note: This issue only affects Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. • https://bugzilla.mozilla.org/show_bug.cgi?id=1527717 https://www.mozilla.org/security/advisories/mfsa2019-07 https://www.mozilla.org/security/advisories/mfsa2019-08 https://www.mozilla.org/security/advisories/mfsa2019-11 • CWE-20: Improper Input Validation •